Security ID : NAS-201810-11
Security Advisory for Samba Vulnerabilities
- Release date : October 11, 2018 
- CVE identifier : CVE-2018-10858 | CVE-2018-10919 
- Affected products:
 QTS 4.2.6: build 20180711 and earlier versions
 QTS 4.3.3: build 20180810 and earlier versions
 QTS 4.3.4: build 20180810 and earlier versions
Severity
Moderate
Status
Resolved
Summary
Multiple Samba vulnerabilities have been reported, two of which affect QTS. If exploited, these vulnerabilities could allow attackers to execute arbitrary code (CVE-2018-10858) or access sensitive information on the NAS (CVE-2018-10919).
We have already fixed these issues in the following QTS versions.
- QTS 4.2.6: build 20180829 and later
- QTS 4.3.3: build 20180829 and later
- QTS 4.3.4: build 20180830 and later
Other reported vulnerabilities (CVE-2018-1139, CVE-2018-1140, and CVE-2018-10918) do not affect QNAP devices as these only affect Samba 4.7 and later versions.
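An added example, not part of QNAP's advisory: a Python check that classifies an inventory of NAS units against the affected and fixed builds listed above. The inventory format (host, QTS branch, build date) and the host names are constructed for illustration; a build that falls between the last affected and the first fixed build is reported as unlisted rather than guessed.

```python
# Build thresholds copied from this advisory, keyed by QTS branch:
# (last affected build, first fixed build), both as YYYYMMDD integers.
ADVISORY_BUILDS = {
    "4.2.6": (20180711, 20180829),
    "4.3.3": (20180810, 20180829),
    "4.3.4": (20180810, 20180830),
}

# Constructed sample inventory: host, QTS branch, build date.
SAMPLE_INVENTORY = """\
# host   branch  build
nas-01   4.2.6   20180711
nas-02   4.3.3   20180829
nas-03   4.3.4   20180820
nas-04   4.3.5   20180901
"""

def classify(branch, build):
    """Return 'affected', 'fixed', 'unlisted-build' or 'unlisted-branch'."""
    if branch not in ADVISORY_BUILDS:
        return "unlisted-branch"      # the advisory says nothing about it
    last_affected, first_fixed = ADVISORY_BUILDS[branch]
    if build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    return "unlisted-build"           # between the two stated builds

def audit(inventory_text):
    """Map each host in the inventory to its classification."""
    results = {}
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or not (fields[2].isdigit() and len(fields[2]) == 8):
            raise ValueError(f"line {line_no}: expected 'host branch YYYYMMDD'")
        host, branch, build = fields
        results[host] = classify(branch, int(build))
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted-build` or `unlisted-branch` need a manual check, since the advisory does not state their status.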
Recommendation
To fix these vulnerabilities, we recommend updating QTS to the latest version.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
 QTS downloads and installs the latest available update.
Revision History: V1.0 (October 11, 2018) - Published
 
                                     
                                    